Peter Williams, Ph.D.
Computer Science Department
Stony Brook University

I am a member of the Network Security and Applied Cryptography Lab, under the supervision of Radu Sion.

C.V.

Research Interests

My subject interests include network security, distributed computing, systems security, cryptography, operating systems, storage, and databases. Specific focuses are on securely outsourcing data and services, including secure indexes, private information retrieval, and trusted computing.

Dissertation: Oblivious Remote Data Access Made Practical

Access pattern leaks threaten data confidentiality. The ability to access remote information without revealing the objects of interest is thus essential to remote storage privacy. Despite many challenges to deployment, this thesis asserts that there exist practical (applicable and economical) access privacy mechanisms.

Outsourced computing is a popular trend with good reason: significant cost savings can be obtained by consolidating data center management. This trend arrives with a new set of security issues, however. Companies expose themselves to significant risk by placing sensitive data in systems outside their control. Of concern are not only network security, data confidentiality, and collocation issues, but more importantly a significant shift in liability, and a new class of insider attacks.

Defending these new vulnerability surfaces makes it especially important to provide clients with practical guarantees of confidentiality and privacy.

This thesis outlines a set of essential outsourcing challenges: (i) How can remotely-hosted data be accessed efficiently with privacy? (ii) How can multiple clients run transactions privately in parallel, with serializability assurances guaranteed by untrusted, possibly malicious transaction managers? (iii) How can new, efficient, minimal-TCB hardware be designed to better provide security and privacy outsourcing guarantees?

To answer these questions, this dissertation introduces new mechanisms for practical private data access and oblivious transaction processing, as well as new trusted hardware designs. A space-time trade-off of client storage vs. efficiency is explored, then expanded to the additional dimensions of multiplicity of clients, the nature of the trusted computing base (hardware vs. software), and the degree of client data processing (access vs. transactions vs. computation). The results are orders of magnitude more efficient than existing work. Together, they bridge the gap between theoretical possibility and practical feasibility.

Selected Publications

Peter Williams, Radu Sion. SR-ORAM: Single Round-trip Oblivious RAM. To appear in ACNS Industrial Track Proceedings, 2012.

Peter Williams, Radu Sion, Miroslava Sotakova. Practical Oblivious Outsourced Storage. ACM Transactions on Information and System Security TISSEC Vol. 14, No. 2, September 2011.

Peter Williams, Rick Boivie. CPU Support for Secure Executables. 4th International Conference on Trust and Trustworthy Computing TRUST 2011.

Martin Franz, Peter Williams, Bogdan Carbunar, Stefan Katzenbeisser, Andreas Peter, Radu Sion and Miroslava Sotakova. Oblivious Outsourced Storage with Delegation. Financial Cryptography and Data Security Conference FC 2011.

Peter Williams, Radu Sion, Dennis Shasha. The Blind Stone Tablet: Outsourcing Durability. Network and Distributed System Security Symposium NDSS 2009. (acceptance rate: 11.7%)

Peter Williams, Radu Sion, Bogdan Carbunar. Building Castles out of Mud: Practical Access Pattern Privacy and Correctness on Untrusted Storage. ACM Conference on Computer and Communications Security CCS 2008. (acceptance rate: 18.1%)

Peter Williams, Radu Sion. Usable PIR. Network and Distributed System Security Symposium NDSS 2008. (acceptance rate: 17.8%)

Peer Reviewing

NDSS 2012, CCSW 2009, CCS 2008, CCS 2007, TISSEC, IJIS, JSS, ICDCS, TCDE.

Teaching

CSE 308 Software Engineering, Spring 2010

Posters

Accelerating PIR. CCS 2009.

Outsourcing Durability. CCS 2009.

Privacy Threats in Online Stock Quotes. Financial Cryptography 2008.

NS3: Networked Secure Searchable Storage. Usenix Security 2007.

Non-academic Interests

charcoal, ink drawing

playing the keyboard

a competitive game of Ultimate

sci-fi, especially Ursula Le Guin or Neil Gaiman